Balancing Isolation and Sharing of Data for Third-Party Extensible App Ecosystems

摘要

In the landscape of application ecosystems, today's cloud users wish topersonalize not only their browsers with various extensions or theirsmartphones with various applications, but also the various extensions andapplications themselves. The resulting personalization significantly raises theattractiveness for typical Web 2.0 users, but gives rise to various securityrisks and privacy concerns, such as unforeseen access to certain criticalcomponents, undesired information flow of personal information to untrustedapplications, or emerging attack surfaces that were not possible before apersonalization has taken place. In this paper, we propose a novel extensibility mechanism which is used forimplementing personalization of existing cloud applications towards (possiblyuntrusted) components in a secure and privacy-friendly manner. Our modelprovides a clean component abstraction, thereby in particular ruling outundesired component accesses and ensuring that no undesired information flowtakes place between application components -- either trusted from the baseapplication or untrusted from various extensions. We then instantiate our modelin the SAFE web application framework (WWW 2012), resulting in a novelmethodology that is inspired by traditional access control and specificallydesigned for the newly emerging needs of extensibility in applicationecosystems. We illustrate the convenient usage of our techniques by showing howto securely extend an existing social network application.